United States Patent and Trademark Office

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 10/003,767
FILING DATE: 10/22/2001
FIRST NAMED INVENTOR: Mark Lucovsky
ATTORNEY DOCKET NO.: 13768.198.6
CONFIRMATION NO.: 4885

7590 09/26/2006

WORKMAN, NYDEGGER & SEELEY
1000 EAGLE GATE TOWER
60 EAST SOUTH TEMPLE
SALT LAKE CITY, UT 84111

EXAMINER: KIM, JUNG W
ART UNIT: 2132
PAPER NUMBER:

DATE MAILED: 09/26/2006

Please find below and/or attached an Office communication concerning this application or proceeding.

PTO-90C (Rev. 10/03)



Office Action Summary

Application No.: 10/003,767
Applicant(s): LUCOVSKY ET AL
Examiner: Jung Kim
Art Unit: 2132


- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status

1) [X] Responsive to communication(s) filed on 13 September 2006.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1-3, 5-29 and 31-42 is/are pending in the application.
   4a) Of the above claim(s) is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 1-3, 5-29 and 31-42 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.
    Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
    Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
    a) [ ] All b) [ ] Some * c) [ ] None of:
       1. [ ] Certified copies of the priority documents have been received.
       2. [ ] Certified copies of the priority documents have been received in Application No. .
       3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
    * See the attached detailed Office action for a list of the certified copies not received.

Attachment(s)

1) [ ] Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [X] Information Disclosure Statement(s) (PTO/SB/08)
       Paper No(s)/Mail Date 7/06.
4) [ ] Interview Summary (PTO-413)
       Paper No(s)/Mail Date.
5) [ ] Notice of Informal Patent Application
6) [ ] Other: .



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 08-06) 




Part of Paper No./Mail Date 20060919 



Application/Control Number: 10/003,767 Page 2 

Art Unit: 2132 

DETAILED ACTION 

1. This Office action is in response to the RCE filed on September 13, 2006.

2. Claims 1-3, 5-29 and 31-42 are pending. 

3. Claims 41 and 42 are new. 

Continued Examination Under 37 CFR 1.114 

4. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 9/13/06 
has been entered. 

Response to Arguments 

5. Applicant's argument that the new limitation "a computerized service that is 
configured to perform computerized operations on data structures" is not taught by 
Wong, is not persuasive. In the example of Wong, a University role hierarchy is 
represented using a role-based access control method for XML repositories. This 
method is used to control function requests based on the identity of the user. These 
functions include read, write, create and delete operations for a given user, and add 
user, remove user, add role, and remove role operations for a given administrator on 
the data structures representing information relevant to services provided by the
university (Wong, pg. 143-144, section 9: RBXAC in XML), which, contrary to 
applicant's allegations, are both computerized services configured to perform 
computerized operations on data structures. Hence, Wong specifically teaches the new 
limitation in question. 

6. With respect to applicant's argument that limitation of an application-platform 
identifier included in the request is not taught by the prior art of record as outlined in the 
Office action mailed on 8/4/06, this argument is moot in view of the new grounds of 
rejections. 



Claim Rejections - 35 USC § 101 

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 34 is rejected under 35 U.S.C. 101 because the claim is not limited to 
tangible embodiments. In view of applicant's disclosure, specification pg. 11, paragraph 
24, the medium is not limited to tangible embodiments, instead being defined as 
including both tangible embodiments (e.g. computer readable media as physical storage 
media) and intangible embodiments (e.g. computer readable media as a connection). 
As such the claim is not limited to statutory subject matter and is therefore non- 
statutory. 

Claim Rejections - 35 USC § 102 

8. Claims 31, 33 and 35 are rejected under 35 U.S.C. 102(a) as being anticipated
by Wong et al. "A Role-Based Access Control Model for XML Repositories" (hereinafter
Wong).

9. As per claim 31, Wong discloses in a computer network that includes different
types of data structures, a method for authorizing a requesting entity to operate upon 
data structures of one or more specific entities in a standard manner, the method 
comprising: 

a. an act of maintaining a number of role templates within one or more role 
map documents that are specific to a particular computerized service that is 
configured to perform computerized operations on data structures, the role 
templates defining basic access permissions with respect to a number of 
command methods, wherein at least some of the role templates define the basic 
access permissions in a manner that is independent of the type of data structure 
being operated upon (pg. 144, "role," "<role_tree>"; the computerized service 
enables read, write, create and delete operations); and 

b. a step for authorizing a requesting entity using the role templates in a
manner that is independent of the type of data structure being accessed. (pg.
142, normal request)

10. As per claim 33, Wong further discloses wherein the act and step are performed
by computer-executable instructions embodied within a physical computer-readable
medium. (pgs. 141-142, section 7)

11. As per claim 35, Wong further discloses wherein the one or more physical
computer-readable media are storage media. (pgs. 141-142, section 7)

Claim Rejections - 35 USC § 103 

12. Claims 1-3, 5-29, 32, 34, 36 and 38-40 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Wong in view of Box et al. W3C "Simple Object Access 
Protocol (SOAP) 1.1" (hereinafter Box). 

13. As per claim 1, Wong discloses in a computer network that includes different
types of data structures of one or more specific entities, a method for authorizing a 
requesting entity to operate upon data structures in a standard manner, the method 
comprising: 

c. an act of maintaining a plurality of role templates that define basic access 
permissions with respect to one or more command methods, wherein at least 
some of the role templates define the basic access permissions in a manner that 
is independent of the type of data structure being operated upon, and wherein 
the plurality of role templates are contained within one or more role map 
documents that are each specific to a particular computerized service that is 
configured to perform computerized operations on data structures (pg. 144,
"role," <role_tree>; the computerized service enables read, write, create and 
delete operations); 

d. an act of maintaining a plurality of role definitions that define access 
permissions for requesting entities by using one or more of the role templates 
(pg. 144, "user", rolepointer points to a "role"); 

e. an act of receiving a request from the requesting entity to perform at least 
one of the command methods, the request identifying the requesting entity (pg. 
142, expression (23), "normal request"); 

f. an act of identifying a role definition corresponding to the requesting entity 
(pg. 142, expressions (24) and (25)); and 

g. an act of determining access permissions for the requesting entity with 
respect to the command method using the role definition corresponding to the 
requesting entity. (pg. 142, ACL performs step (d))

14. Wong does not disclose the request from the requesting entity identifies an 
application-platform identifier corresponding to an application of the computerized 
service. Box discloses a lightweight protocol, Simple Object Access Protocol (SOAP), 
for exchanging information in a decentralized, distributed environment. In particular, 
SOAP describes a convention for representing remote procedure calls and responses 
carried in HTTP within the decentralized environment. Such a call includes a Host URI 
and an XML namespace for the function call, which specifically identifies the application 
of the service providing the function. (pg. 10, section 4.3; pg. 33, example 5: Host:
www.stockquoteserver.com; xmlns:m="Some-URI") Therefore, it would be obvious to
one of ordinary skill in the art at the time the invention was made for the request from 
the requesting entity to identify an application-platform identifier corresponding to an 
application of the computerized service. One would be motivated to do so to provide a 
structured messaging means in a decentralized environment as taught by Box. The 
aforementioned cover the limitations of claim 1.

15. As per claim 2, Wong further discloses wherein the act of maintaining a plurality
of role definitions that define access permissions for specific entities comprises: 

h. an act of the role definition corresponding to the requesting entity using at 
least one access permission that is specific to the requesting entity, wherein the 
at least one access permission for the requesting entity is defined by the one or 
more role templates that are used by the corresponding role definition as well as 
the access permission that is specific to the requesting entity. (pg. 142, login
request, expression (22) and normal request, expression (23); pg. 144, "role" and 
"user") 

16. As per claim 3, Wong further discloses wherein the request includes an 
identification of credentials used to authenticate the requesting entity, wherein the role 
definition corresponding to the requesting entity is identified using the credential 
identification, wherein different role definitions may apply depending on the credentials.
(pg. 142, login request, expression (22); pg. 144, "user")

17. As per claim 5, Wong further discloses wherein the act of maintaining a plurality
of role templates that define basic access permissions comprises the following: an act
of maintaining the at least one role map documents that contains all of the role
templates for a particular service. (pg. 144, <role_tree>)

18. As per claim 6, Wong further discloses wherein the act of maintaining a role map
document that contains all of the role templates for a particular service comprises the 
following: an act of defining one or more scopes that describe views on a data structure, 
the one or more scopes being defined independent of the plurality of role templates; and 
an act of defining a role template by associating a method type with one of the one or 
more scopes. (pg. 144, "acc_function" and "acc_operation"; each operation set is
associated with a XML node) 

19. As per claim 7, Wong further discloses wherein the act of maintaining a role map 
document that contains all of the role templates for a particular service comprises the 
following: an act of maintaining a role map document as a hierarchical data structure. 
(role_tree is a hierarchical data structure) 

20. As per claim 8, Wong further discloses wherein the act of maintaining a role map 
document that contains all of the role templates for a particular service comprises the 
following: an act of maintaining a role map document as an XML document. (role_tree is
an XML document) 

21. As per claim 9, Wong further discloses wherein the act of maintaining a plurality
of role definitions that define access permissions for specific entities by using one or 
more of the role templates comprises the following: an act of maintaining one or more 
role list documents that contains all of the role definitions for requesting entities that 
may attempt to access data structures belonging to an identity. (pg. 144, <RBXAC_xml>)

22. As per claim 10, the rejection of claim 9 under 35 USC 102(a) as being 
anticipated by Wong is incorporated herein. (supra) In addition, Wong further discloses
wherein the act of maintaining a role list document comprises the following: an act of 
defining a role definition by referencing a role template included in a role map 
document. (pg. 144, <RBXAC_xml>, <role_tree>) In the example, the elements are all
defined in one configuration file such that the role map is not distinct from the role list, 
which is contrary to the limitation of claim 10, wherein the role map is distinct from the 
role list. However, this feature is an obvious enhancement to an XML document. It is 
notoriously well known to import entities into an XML document to enable a physical 
separation analogous to a logical separation. Examiner takes Official Notice of this 
teaching. Therefore, it would be obvious to one of ordinary skill in the art at the time the 
invention was made for the role map and role list to be separate XML documents to 
facilitate better configuration design by establishing physical separation of distinct
entities as known to one of ordinary skill in the art. The aforementioned cover the 
limitations of claim 10. 

23. As per claim 11, the rejection of claim 10 under 35 USC 103(a) as being
unpatentable over Wong is incorporated herein. (supra) In addition, Wong further
discloses wherein the act of maintaining a role list document comprises the following: an
act of maintaining a role list document as a hierarchical data structure. (<RBXAC_xml>
is a hierarchical data structure) 

As per claim 12, the rejection of claim 10 under 35 USC 103(a) as being unpatentable 
over Wong is incorporated herein. (supra) In addition, Wong further discloses wherein
the act of maintaining a role list document comprises the following: an act of maintaining 
a role list document as an XML document. (RBXAC_xml is an XML document) 

24. As per claim 13, Wong further discloses wherein the act of receiving a request
from the requesting entity to perform at least one of the command methods comprises 
the following: an act of receiving a request from the requesting entity to insert a portion 
into the data structure. (pg. 142, normal request, "op"; pg. 144, "acc_operation")

25. As per claim 14, Wong further discloses wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises 
the following: an act of receiving a request from the requesting entity to delete a portion
from the data structure. (pg. 142, normal request, "op"; pg. 144, "acc_operation")

26. As per claim 15, Wong further discloses wherein the act of receiving a request
from the requesting entity to perform at least one of the command methods comprises 
the following: an act of receiving a request from the requesting entity to update a portion 
of the data structure. (pg. 142, normal request, "op"; pg. 144, "acc_operation")

27. As per claim 16, Wong further discloses wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises 
the following: an act of receiving a request from the requesting entity to replace a 
portion of the data structure. (pg. 142, normal request, "op"; pg. 144, "acc_operation")

28. As per claim 17, Wong further discloses wherein the act of receiving a request 
from the requesting entity to perform at least one of the command methods comprises 
the following: an act of receiving a request from the requesting entity to query regarding 
a portion of the data structure. (pg. 142, normal request, "op"; pg. 144, "acc_operation")

29. As per claim 18, Wong further discloses wherein the one or more command 
methods comprise a set including insert, delete, query, update, and replace. (pg. 142,
normal request, "op"; pg. 144, "acc_operation")

30. As per claims 19-23, the rejection of claim 1 under 35 U.S.C. 102(a) as being
anticipated by Wong is incorporated herein. (supra) Wong discloses the data structure
represents general information in a computer system (pg. 1, Introduction; pg. 141, 
section 7), but Wong does not expressly disclose the data structure represents the 
following: in-box information, calendar information, document information, notification 
information or content information. However, it is notoriously well known for these types 
of information to be placed under access restriction: in-box information is specific to the 
receiver of the in-box; calendar information lists the personal obligations scheduled for a 
given date; document information contains a litany of personal documents; notification 
information is private to the notifies; and content information relates to all of the above. 
Therefore, it would be obvious to one of ordinary skill in the art at the time the invention 
was made for the data structure to represent any one of in-box information, calendar 
information, document information, notification information or content information, since 
all of these information require access restriction to maintain the privacy of the 
information as known to one of ordinary skill in the art. The aforementioned cover the 
limitations of claims 19-23. 

31. As per claim 24, Wong further discloses wherein the data structure represents
role list information. (pg. 141, section 7, the XML database stores both the ACL and the
XML files; the access control file is stored in XML format)

32. As per claim 25, Wong further discloses wherein the data structure represents
system information. (pg. 141, section 7, the XML database stores both the ACL and the
XML files; the access control file is stored in XML format)

33. As per claim 26, Wong further discloses wherein the act of identifying a role 
definition corresponding to the requesting entity comprises: an act of identifying the role 
definition by searching a database. (pg. 142, expression (25))

34. As per claim 27, Wong further discloses wherein the act of identifying a role 
definition corresponding to the requesting entity comprises: an act of identifying the role 
definition based on authorized role information provided within the request. (pg. 142,
login request, expression (22) and normal request, expression (23)) 

35. As per claim 28, Wong further discloses wherein the authorized role information 
includes an identification of a role template. (pg. 142 and 144, normal request includes
a user_id, which identifies a user, which includes at least one rolepointer, which
identifies at least one role) 

36. As per claim 29, Wong further discloses wherein the authorized role information 
further includes an identification of at least one refined, local scope for modifying the 
role template. (pgs. 142 and 144, normal request includes a user_id, which identifies a
user, which includes at least one rolepointer, which identifies at least one role, wherein
each role includes an acc_function, which includes an XMLPointer; since each user id is
associated with more than one role and/or each role has more than one XML node, 
each user id is associated with more than one scope). 

37. As per claim 32, the rejection of claim 31 under 35 USC 102(a) as being 
anticipated by Wong is incorporated herein. Wong further discloses wherein the step 
for authorizing a requesting entity using the role templates comprises the following: 

i. an act of maintaining a plurality of role definitions that define access 
permissions for receiving entities by using one or more of the role templates (pg. 
144, "user"); 

j. an act of receiving a request from the requesting entity to perform at least 
one of the command methods, the request identifying the requesting entity (pg. 
142, normal request); 

k. an act of identifying a role definition corresponding to the requesting entity 
(pg. 142, expressions (24) and (25)); and 

l. an act of determining access permissions for the requesting entity with
respect to the command method using the role definition corresponding to the 
requesting entity (pg. 142, ACL performs step (d)). 

38. Wong does not disclose the request from the requesting entity identifies an 
application-platform identifier corresponding to an application of the computerized 
service. Box discloses a lightweight protocol, Simple Object Access Protocol (SOAP), 
for exchanging information in a decentralized, distributed environment. In particular, 
SOAP describes a convention for representing remote procedure calls and responses
carried in HTTP within the decentralized environment. Such a call includes a Host URI 
and an XML namespace for the function call, which specifically identifies the application 
of the service providing the function. (pg. 10, section 4.3; pg. 33, example 5: Host:
www.stockquoteserver.com; xmlns:m="Some-URI") Therefore, it would be obvious to 
one of ordinary skill in the art at the time the invention was made for the request from 
the requesting entity to identify an application-platform identifier corresponding to an 
application of the computerized service. One would be motivated to do so to provide a 
structured messaging means in a decentralized environment as taught by Box. The 
aforementioned cover the limitations of claim 32. 

39. As per claim 34, Wong discloses computer program product for use in a 
computer network that includes different types of data structures of one or more specific 
entities, the computer program product for implementing a method for authorizing a 
requesting entity to operate upon data structures in a standard manner, the computer 
program product comprising one or more physical computer-readable media have 
stored thereon the following: 

m. computer-executable instructions for maintaining a plurality of role 
templates that define basic access permissions with respect to one or more 
command methods, wherein at least some of the role templates define the basic 
access permissions in a manner that is independent of the type of data structure 
being operated upon, and wherein the plurality of role templates are contained 
within one or more role map documents that are specific to a particular
computerized service that is configured to perform computerized operations on 
data structures (pg. 144, "role," "<role_tree>"; the computerized service enables 
read, write, create and delete operations); 

n. computer-executable instructions for maintaining a plurality of role 
definitions that define access permissions for receiving entities by using one or 
more of the role templates (pg. 144, "user", rolepointer points to a "role");

o. computer-executable instructions for detecting the receipt of a request
from the requesting entity to perform at least one of the command methods, the 
request identifying the requesting entity (pg. 142, expression (23), "normal 
request"); 

p. computer-executable instructions for identifying a role definition 
corresponding to the requesting entity (pg. 142, expressions (24) and (25)); and

q. computer-executable instructions for determining access permissions for
the requesting entity with respect to the command method using the role
definition corresponding to the requesting entity (pg. 142, ACL performs step (d)).

40. Wong does not disclose the request from the requesting entity identifies an
application-platform identifier corresponding to an application of the computerized 
service. Box discloses a lightweight protocol, Simple Object Access Protocol (SOAP), 
for exchanging information in a decentralized, distributed environment. In particular, 
SOAP describes a convention for representing remote procedure calls and responses 
carried in HTTP within the decentralized environment. Such a call includes a Host URI 
and an XML namespace for the function call, which specifically identifies the application
of the service providing the function. (pg. 10, section 4.3; pg. 33, example 5: Host:
www.stockquoteserver.com; xmlns:m="Some-URI") Therefore, it would be obvious to 
one of ordinary skill in the art at the time the invention was made for the request from 
the requesting entity to identify an application-platform identifier corresponding to an 
application of the computerized service. One would be motivated to do so to provide a 
structured messaging means in a decentralized environment as taught by Box. The 
aforementioned cover the limitations of claim 34. 

41. As per claim 36, Wong discloses in a computer network that includes different
services, applications, and an authorization station, the applications submitting requests 
to perform operations on different data structures managed by the different services, a 
system for isolating the authorization process from the services so that the services 
need not independently authorize each request they receive from the number of 
applications, the system comprising: 

r. a plurality of computerized services that are configured to perform 
computerized operations on data structures (pg. 138, section 1, "XML are usually 
stored in multiple sources or repositories"; pgs. 142 and 143: Section 8, "Self- 
evolving RBXAC; user session and administration sessions; pg. 144, the 
computerized service enables adduser, rmuser, addrole, and rmrole, as well as 
read, write, create and delete operations); 

s. an authorization station configured to receive requests from a number of
applications to operate upon data structures managed by any of the number of
services (pg. 142, 2nd essential component, ACL), the authorization station
configured to perform the following: 

i. receive a request from a requesting entity to perform a target 
operation upon a target data structure managed by a target service (pg. 
142, login request and normal request, which identifies an operation and 
target); 

ii. access a role template that defines basic authorizations with 
respect to one or more operations, including at least the target operation, 
wherein the role template defines the basic authorizations in a manner 
that is independent of the target data structure desired to be operated 
upon, and wherein the role template is contained within a role map 
document that is specific to one of the plurality of services (pg. 142, 
expression (24) and (25); pg. 144, "role," "<role_tree>"); 

iii. determine that the corresponding requesting entity is authorized to 
perform the target operation on the target data structure (pg. 142, ACL 
performs step (d)); and 

iv. communicate to the target service that the requesting entity is 
authorized to perform the target operation on the target data structure.
(pg. 142, ACL performs step (d))

42. Wong does not disclose the request from the requesting entity identifies an
application-platform identifier corresponding to an application of the computerized 
service. Box discloses a lightweight protocol, Simple Object Access Protocol (SOAP), 
for exchanging information in a decentralized, distributed environment. In particular, 
SOAP describes a convention for representing remote procedure calls and responses 
carried in HTTP within the decentralized environment. Such a call includes a Host URI 
and an XML namespace for the function call, which specifically identifies the application 
of the service providing the function. (Box, pg. 10, section 4.3; pg. 33, example 5: Host: 
www.stockquoteserver.com; xmlns:m="Some-URI") Therefore, it would be obvious to 
one of ordinary skill in the art at the time the invention was made for the request from 
the requesting entity to identify an application-platform identifier corresponding to an 
application of the computerized service. One would be motivated to do so to provide a 
structured messaging means in a decentralized environment as taught by Box. The 
aforementioned cover the limitations of claim 36. 

43. As per claim 38, Wong further discloses wherein the set of identifying a role 
definition corresponding to the requesting entity comprises the following: 

t. an act of referencing a role template (pg. 144, "user"); and

u. an act of maintaining one or more refined scopes for refining a scope
referenced in the role template, wherein the one or more refined scopes are 
independent of the role template and refinement occurs at a user level, and 
wherein the scope referenced in the role template indicates what portions of a 
data structure are visible to a role definition for a particular command method.
(144, "user", which includes at least one rolepointer, which identifies at least one
role, wherein each role includes an acc_function, which includes an XMLPointer;
since each user id is associated with more than one role and/or each role has 
more than one XML node, each user id is associated with more than one scope; 
moreover, the XMLPointer points to an XML node object) 

44. As per claim 39, Wong further discloses wherein the act of determining access 
permissions for the requesting entity with respect to the command method using the 
role definition corresponding to the requesting comprises the following: 

v. an act of determining access permissions below the data structure level, 
(pg. 144, "accjunction" includes an XMLPointer) 

45. As per claim 40, Wong further discloses wherein each of the one or more role list 
documents are specific to a particular requesting entity, (pg. 144, "<user user_id="Alice" 
passwd="123"></user>") 

46. Claim 37 is rejected under 35 USC 103(a) as being unpatentable over Wong in 
view of Box, and further in view of Stallings Cryptography and Network Security Chapter 
11 (hereinafter Stallings). 

47. As per claim 37, the rejection of claim 1 under 35 USC 102(a) as being 
anticipated by Wong is incorporated herein, (supra) Wong does not disclose the act of 
maintaining a plurality of role definitions that define access permissions for requesting 
entities by using one or more of the role templates comprises an act of maintaining a 
plurality of role definitions for the requesting entity, wherein at least one of the plurality 
of role definitions correspond to a plurality of authentication methods. Stallings 
discloses an authentication protocol, wherein a requesting user is authenticated by a 
central server to grant access into a particular server, wherein the particular server is 
one of a plurality of servers having their own authentication method (pgs. 329-335, "The 
Version 4 Authentication Dialogue"). In the user request to the central server, the user 
provides his ID as well as the ID of a particular server to gain authentication to the 
particular server (pg. 331, Table 11.2, Message (1)). This type of authentication 
protocol consolidates a plurality of authentication methods into an access point, wherein 
a user has access rights to at least one of the plurality of servers. Therefore, it would 
be obvious to one of ordinary skill in the art at the time the invention was made for the 
act of maintaining a plurality of role definitions that define access permissions for 
requesting entities by using one or more of the role templates to comprise an act of 
maintaining a plurality of role definitions for the requesting entity, wherein at least one of 
the plurality of role definitions correspond to a plurality of authentication methods. One 
would be motivated to do so to gain the benefits of a centralized authentication service, 
such as scalability and security. (Stallings, pg. 325, 4 bullets) The aforementioned 
cover the limitations of claim 37. 

48. Claim 41 is rejected under 35 USC 103(a) as being unpatentable over Wong in 
view of Box, and further in view of Beckhardt et al. USPN 6,085,166. (hereinafter 
Beckhardt) 

49. As per claim 41, the rejections of claim 1 under 35 USC 103(a) as being 
unpatentable over Wong and Box are incorporated herein. Wong does not expressly 
disclose the computerized service comprises a calendar service having a corresponding 
calendar service schema. Beckhardt discloses a computerized service comprising a 
calendar service having a corresponding calendar service schema, wherein the service 
can be accessed based on user privilege (fig. 1 and related text; col. 11:47-50) It would 
be obvious to one of ordinary skill in the art at the time the invention was made for the 
computerized service to comprise a calendar service having a corresponding calendar 
service schema. One would be motivated to do so to leverage a distributed database 
as taught by Wong in the calendar service disclosed by Beckhardt to provide an efficient 
means of access control into a distributed database. (Wong, Introduction) The 
aforementioned cover the limitations of claim 41. 

50. Claim 42 is rejected under 35 USC 103(a) as being unpatentable over Wong in 
view of Box, and further in view of Ivanov USPN 5,706,452. (hereinafter Ivanov) 

51. As per claim 42, the rejections of claim 1 under 35 USC 103(a) as being 
unpatentable over Wong and Box are incorporated herein. Wong does not expressly 
disclose the computerized service comprises a calendar service having a corresponding 
calendar service schema. Ivanov discloses a computerized service comprising a 
notification service having a corresponding notification service schema, wherein the 
service can be accessed based on user privilege (col. 5:16-18; 12:32-49; 18:22-30) It 
would be obvious to one of ordinary skill in the art at the time the invention was made 
for the computerized service to comprise a calendar service having a corresponding 
calendar service schema. One would be motivated to do so to leverage a distributed 
database as taught by Wong in the notification service disclosed by Ivanov and provide 
an efficient means of access control into this distributed database. (Wong, Introduction) 
The aforementioned cover the limitations of claim 42. 

Communications Inquiry 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is 571-272-3804. 
The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 




Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 